BScope.Trojan.Rimecud (file analysis)

BScope.Trojan.Rimecud is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the BScope.Trojan.Rimecud virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Creates a copy of itself

How to identify BScope.Trojan.Rimecud?

File Info:

name: 4717E16EF7152EBF7DE2.mlw
path: /opt/CAPEv2/storage/binaries/8c1cc60db59b84102905b7462bbfc3175ec8c88da7f085ae88da49163d01dc8b
crc32: 337A104B
md5: 4717e16ef7152ebf7de2792145059f6b
sha1: 0bfe6385648451b2a45461850f2b17c173c6f3ec
sha256: 8c1cc60db59b84102905b7462bbfc3175ec8c88da7f085ae88da49163d01dc8b
sha512: 971427fd4ba03ef54f16bd77cd85e99629c3286cb1739d3e8916dcacd8efd40667ff71dde6587546e9b5b68683e1293721249949936876ae6e085640eba3ff20
ssdeep: 3072:RAHeyKuuGuAA+A3PEu/YDKkrZa1JdS5lTA:OHmAApPEbDKYA1JdwlTA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D8A3CF81DD81C531F69D2779E8BACB350287BC0A46A4123E35DD32AE3773349289AD1F
sha3_384: 39acb3f7d3c947438efe7533f41d6ddac3f7c9863e7188dc450d020eb4fc7980b4e91a0a79f06fd19dce96986f9371d5
ep_bytes: 558bec6aff686430400068c818400064
timestamp: 2010-02-14 23:35:33

Version Info:

CompanyName: ileee Eeseo
FileDescription: haia
FileVersion: 9.1.5900.3400
InternalName: Sublilis
LegalCopyright: siop nee 1982-2006
OriginalFilename: subikeenc.exe
ProductName: Post G
ProductVersion: 9.1.5900.3400
Translation: 0x0409 0x04b0

BScope.Trojan.Rimecud also known as:

Bkav: W32.MassiveUsbG.Worm
MicroWorld-eScan: Gen:Variant.Graftor.112766
FireEye: Generic.mg.4717e16ef7152ebf
CAT-QuickHeal: Trojan.Rimecud.U
ALYac: Gen:Variant.Graftor.112766
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.643556
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 0040eff51 )
K7GW: Trojan ( 0040eff51 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/Rimecud.AM.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.AKNU
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.112766
NANO-Antivirus: Trojan.Win32.Autoruner.cnypzy
Avast: Win32:MalPack-B [Trj]
Ad-Aware: Gen:Variant.Graftor.112766
Emsisoft: Gen:Variant.Graftor.112766 (B)
Comodo: TrojWare.Win32.Kryptik.AKNY@4qdtf7
DrWeb: Win32.HLLW.Autoruner.44048
VIPRE: Gen:Variant.Graftor.112766
TrendMicro: WORM_RIMECUD.SMI
McAfee-GW-Edition: PWS-Zbot.gen.aqo
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/HkMain-CT
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Graftor.112766
Jiangmin: Trojan/Generic.anoro
Avira: TR/Patched.Ren.Gen
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Generic.ASMalwS.24D
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Rimecud.A
Google: Detected
McAfee: PWS-Zbot.gen.aqo
VBA32: BScope.Trojan.Rimecud
Malwarebytes: Malware.Heuristic.1001
TrendMicro-HouseCall: WORM_RIMECUD.SMI
Rising: Trojan.Generic@AI.100 (RDML:TNg/3KGo7JZ9y/d1TNReZw)
Ikarus: Trojan.Win32.Rimecud
Fortinet: W32/Kryptik.EQMA!tr
BitDefenderTheta: Gen:NN.ZexaF.34698.gm3@amjy@Oai
AVG: Win32:MalPack-B [Trj]
Cybereason: malicious.ef7152
Panda: Trj/Genetic.gen

How to remove BScope.Trojan.Rimecud?

BScope.Trojan.Rimecud removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.